<?php
	acl();
	if($_SERVER["REQUEST_METHOD"]=="POST") {
		$order_number	= strip_tags($_POST['order_number']);
		$reference		= strip_tags($_POST['reference']);
		$name			= strip_tags($_POST['name']);
		$email			= strip_tags($_POST['email']);
		$telephone		= strip_tags($_POST['telephone']);
		$total			= strip_tags($_POST['total']);
		$date			= strip_tags($_POST['date']);
		$description	= strip_tags($_POST['description']);
		$ip				= getUserIP();

		$upload_fieldname	= 'image';
		$upload_fullpath	= 'contents/slip/'.date('Y-m-d_H-i').'_'.md5('slip'.time()).basename($_FILES[$upload_fieldname]['name']);
		if (move_uploaded_file($_FILES[$upload_fieldname]['tmp_name'], $upload_fullpath)) {
			$upload_basename = basename($upload_fullpath);
		}

		$sql ="INSERT INTO `tbl_payment` (`payment_id`, `member_id`, `order_number`, `reference`, `name`, `email`, `telephone`, `total`, `date`, `description`, `slip`, `ip`, `add_date` , `ssid` , `status`) VALUES (NULL, '$ss_member_id','$order_number', '$reference', '$name', '$email', '$telephone', '$total', '$date', '$description', '$upload_basename', '$ip', NOW(),'$ss_id' , '1');";
		mysql_query($sql);
		exit;
	}
?>